08-10-2015 10:33 PM - edited 03-05-2019 02:02 AM
Hi,
on a multi-site installation, I've got some additional requirements to implement. Currently, two site (CPE) have a tagged ethernet service to a central site (PE). Now, apart from the L3 traffic, I need to bridge an additional VLAN from site 2 to site 1 in order to provide a guest WLAN which is terminated through a firewall at site 1. Our PE currently is an ASR1000 series router (about to be replaced by ASR900 series), the CPEs are 1941 routers with Security IOS licenses and additional 4-port switching card. Configuring the QinQ as such works fine, e.g. with CPE configured with this: interface GigabitEthernet0/1.61400 encapsulation dot1Q 614 second-dot1q 201 ip address 10.99.98.2 255.255.255.0 bridge-group 201 and PE with interface GigabitEthernet0/1.61400 encapsulation dot1Q 614 second-dot1q 201 ip address 10.99.98.1 255.255.255.0 bridge-group 201 IPs were only added to help debugging/analysis; doing a ping works fine, therefore I'd expect the actual QinQ stuff working. I have another subinterface with just the 614 tag, which also seems to work, but on that, all I do is L3 IP. On the CPE (which I have set up in our lab on another 1941/SEC), I have also configured (for testing purposes) one of the switch interfaces on each site router as "switchport access vlan201" , then added the "int vlan 201" also into bridge-group 201. IRB is active, bridge-group 201 is set to protocol IEEE on all routers. On the PE I have configured the two QinQ subinterfaces also into the same bridge-group. Anyway, none of the broadcasts or other L2 stuff seems to be transported between the sites over the QinQ bridge broup. I assume I'm just missing some minor thing here, but after checking docs and examples, I'm sort of out of ideas ... none of the docs I found use the combination of QinQ and bridge groups, so I'm not even sure if this doesn't work by design ... Any hints or ideas appreciated ...
08-11-2015 01:34 AM
Gary,
Can you perhaps post the entire CPE configuration please?
In any case, the bridge-group is a virtual switch instance, and if there is to be a Layer3 (routed) interface in that entire bridge-group then it must be the interface BVI (e.g. BVI201). I am not sure if it permissible to put the bridge-group on an interface Vlan. There is an application of doing so; Cisco calls it Fallback Bridging, and it is intended purely for non-IP traffic. You can read more about it here:
But I am not entirely sure what exactly is what you are trying to accomplish. Can you perhaps try to describe it once again, perhaps in an example or in different words?
Best regards,
Peter
08-11-2015 02:14 AM
Due to time constraints, I have decided to drop the QinQ config with bridging and instead configure PseudoWire to bridge the two vlans ... tested on the trial licenses and works like charm with three lines of config ;) Getting the data license is probably cheaper than sinking additional time into the QinQ stuff ...
I also tried the BVI stuff, did not seem to work either ...
08-11-2015 02:49 AM
Hi Garry,
Okay :) Did you use L2TPv3?
Best regards,
Peter
08-11-2015 03:02 AM
Yes ...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide